asherah 0.2.0-aarch64-linux → 0.3.0-aarch64-linux

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a2e6fdb86dc94a52314b2e3c3b15e24a97a892e66a894f35187d9149ce8eb756
-  data.tar.gz: 4d29ae34d0e5efae2078f53c6ea3ffd73d1c94888dc6451d0cea884b10b67bc6
+  metadata.gz: ef6d062e4ed676c66a72dba500d4376801b33199da28e69eb2e62f34dae62a40
+  data.tar.gz: 2909ca407f9d1954e68232122373baa30c3a33095d65b890d996061902bcc136
 SHA512:
-  metadata.gz: fc4d1c627347bfcf984adf49647de53c86b7133474a2ef8c457fcc0645ca1641987fa7330a0a15bc2f4a621ba7397f480ce550f993c32dffe5416c14191609ae
-  data.tar.gz: 8eeb0241c1eb2dfc8f7500eee412aa6955d77138b250137b37388fa4a120bfd07a5a572205b3e552582dd24d45ee7d92a22e5c4a21c406c1e89eaee01dd3f502
+  metadata.gz: 888f1d7c7534919bd79c70def643abd712e01b06808a78b4fc7017e0a0e0e841c267921635cf8beacf0bc7e99b986aa64e7258d2313728c02784c878d0cc5502
+  data.tar.gz: 18d76b1c06ed638fa06f15dbfbed49cca82c2ae19d31d0c5ff1968da854dce4b43b724cc267638e422c02db0b1692fd255deb360531418ac571e30b7a91a6d07

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 ## [Unreleased]
 
+## [0.3.0] - 2022-03-22
+
+- Free up cobhan buffers after encrypt/decrypt to prevent growing heap memory
+- Use local `estimate_buffer` calculation instead of FFI call
+- Upgrade to use asherah-cobhan v0.4.3
+
 ## [0.2.0] - 2022-03-21
 
 - Implement versioning for asherah-cobhan binaries

data/lib/asherah/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Asherah
-  VERSION = '0.2.0'
+  VERSION = '0.3.0'
 end

data/lib/asherah.rb

@@ -14,10 +14,13 @@ module Asherah
     [:SetupJson, [:pointer], :int32],
     [:EncryptToJson, [:pointer, :pointer, :pointer], :int32],
     [:DecryptFromJson, [:pointer, :pointer, :pointer], :int32],
-    [:EstimateBuffer, [:int32, :int32], :int32],
     [:Shutdown, [], :void]
   ].freeze)
 
+  ESTIMATED_ENCRYPTION_OVERHEAD = 48
+  ESTIMATED_ENVELOPE_OVERHEAD = 185
+  BASE64_OVERHEAD = 1.34
+
   class << self
     # Configures Asherah
     #
@@ -27,6 +30,7 @@ module Asherah
       config = Config.new
       yield config
       config.validate!
+      @intermediated_key_overhead_bytesize = config.product_id.bytesize + config.service_name.bytesize
 
       config_buffer = string_to_cbuffer(config.to_json)
 
@@ -52,13 +56,15 @@ module Asherah
     def encrypt(partition_id, data)
       partition_id_buffer = string_to_cbuffer(partition_id)
       data_buffer = string_to_cbuffer(data)
-      estimated_length = EstimateBuffer(data.bytesize, partition_id.bytesize)
-      output_buffer = allocate_cbuffer(estimated_length)
+      estimated_buffer_bytesize = estimate_buffer(data.bytesize, partition_id.bytesize)
+      output_buffer = allocate_cbuffer(estimated_buffer_bytesize)
 
       result = EncryptToJson(partition_id_buffer, data_buffer, output_buffer)
       Error.check_result!(result, 'EncryptToJson failed')
 
       cbuffer_to_string(output_buffer)
+    ensure
+      [partition_id_buffer, data_buffer, output_buffer].map(&:free)
     end
 
     # Decrypts a DataRowRecord in JSON format for a partition_id and returns decrypted data.
@@ -75,11 +81,22 @@ module Asherah
       Error.check_result!(result, 'DecryptFromJson failed')
 
       cbuffer_to_string(output_buffer)
+    ensure
+      [partition_id_buffer, data_buffer, output_buffer].map(&:free)
     end
 
     # Stop the Asherah instance
     def shutdown
       Shutdown()
     end
+
+    private
+
+    def estimate_buffer(data_bytesize, partition_bytesize)
+      ESTIMATED_ENVELOPE_OVERHEAD +
+        @intermediated_key_overhead_bytesize +
+        partition_bytesize +
+        ((data_bytesize + ESTIMATED_ENCRYPTION_OVERHEAD) * BASE64_OVERHEAD)
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: asherah
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: aarch64-linux
 authors:
 - GoDaddy
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-03-21 00:00:00.000000000 Z
+date: 2022-03-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cobhan